MSN virus

  1. #21
    HereFishie, Junior Member

    Re: MSN virus

    combofix...

    "Owner" - 07-04-14 21:28:08 Service Pack 2
    ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Owner\Desktop"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\{3CC1D~1\UnInstall.exe
    C:\lswmv.ini
    C:\WINDOWS\system32\sstqp.dll
    C:\Program Files\Common Files\Uninstall Information
    C:\Program Files\Common Files\{3CC1D~1
    C:\Program Files\Common Files\{5CC1D~1


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))


    2007-04-14 20:47 <DIR> d-------- C:\VundoFix Backups
    2007-04-14 15:07 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-04-14 02:07 3,310 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-13 21:19 26,694 --a------ C:\WINDOWS\system32\xxyyayx.dll
    2007-04-13 21:09 26,694 --a------ C:\WINDOWS\system32\awtqnnm.dll
    2007-04-13 20:59 26,694 --a------ C:\WINDOWS\system32\ljjklkj.dll
    2007-04-13 20:49 26,694 --a------ C:\WINDOWS\system32\ddccbyx.dll
    2007-04-13 20:39 26,694 --a------ C:\WINDOWS\system32\xxyyywt.dll
    2007-04-13 20:29 26,694 --a------ C:\WINDOWS\system32\efccbcy.dll
    2007-04-13 20:19 26,694 --a------ C:\WINDOWS\system32\cbxuutt.dll
    2007-04-13 20:09 26,694 --a------ C:\WINDOWS\system32\pmnoomj.dll
    2007-04-13 19:59 26,694 --a------ C:\WINDOWS\system32\pmnolif.dll
    2007-04-13 19:49 26,694 --a------ C:\WINDOWS\system32\byxxyvv.dll
    2007-04-13 19:39 26,694 --a------ C:\WINDOWS\system32\ddcbcda.dll
    2007-04-13 19:29 26,694 --a------ C:\WINDOWS\system32\tuvsstq.dll
    2007-04-13 19:19 26,694 --a------ C:\WINDOWS\system32\jkkhghg.dll
    2007-04-13 19:09 26,694 --a------ C:\WINDOWS\system32\ljjgffg.dll
    2007-04-13 18:44 26,694 --a------ C:\WINDOWS\system32\ddcbbba.dll
    2007-04-13 18:29 26,694 --a------ C:\WINDOWS\system32\rqrqrpn.dll
    2007-04-13 18:19 26,694 --a------ C:\WINDOWS\system32\nnnonmk.dll
    2007-04-13 18:09 26,694 --a------ C:\WINDOWS\system32\nnnopoo.dll
    2007-04-13 17:59 26,694 --a------ C:\WINDOWS\system32\xxywwuu.dll
    2007-04-13 17:49 26,694 --a------ C:\WINDOWS\system32\ddcbxus.dll
    2007-04-13 17:39 26,694 --a------ C:\WINDOWS\system32\vtuurqr.dll
    2007-04-13 17:29 26,694 --a------ C:\WINDOWS\system32\fcccyyx.dll
    2007-04-13 17:19 26,694 --a------ C:\WINDOWS\system32\pmnnkhg.dll
    2007-04-13 17:09 26,694 --a------ C:\WINDOWS\system32\tuvusrq.dll
    2007-04-13 16:59 26,694 --a------ C:\WINDOWS\system32\vtutrro.dll
    2007-04-13 16:49 26,694 --a------ C:\WINDOWS\system32\qomnkhg.dll
    2007-04-13 16:39 26,694 --a------ C:\WINDOWS\system32\wvuvwts.dll
    2007-04-13 16:29 26,694 --a------ C:\WINDOWS\system32\mljhigf.dll
    2007-04-13 16:19 26,694 --a------ C:\WINDOWS\system32\awtsqqn.dll
    2007-04-13 16:09 26,694 --a------ C:\WINDOWS\system32\awtuuvu.dll
    2007-04-13 15:59 26,694 --a------ C:\WINDOWS\system32\hgghfed.dll
    2007-04-13 15:49 26,694 --a------ C:\WINDOWS\system32\byxxxvw.dll
    2007-04-13 15:39 26,694 --a------ C:\WINDOWS\system32\iifeefe.dll
    2007-04-13 15:29 26,694 --a------ C:\WINDOWS\system32\byxyvts.dll
    2007-04-13 15:19 26,694 --a------ C:\WINDOWS\system32\byxuuvs.dll
    2007-04-13 15:09 26,694 --a------ C:\WINDOWS\system32\khfdbay.dll
    2007-04-13 14:59 26,694 --a------ C:\WINDOWS\system32\nnnolmj.dll
    2007-04-13 14:49 26,694 --a------ C:\WINDOWS\system32\ssqpqol.dll
    2007-04-13 14:39 26,694 --a------ C:\WINDOWS\system32\ssqnoli.dll
    2007-04-13 14:29 26,694 --a------ C:\WINDOWS\system32\hggfcba.dll
    2007-04-13 14:19 26,694 --a------ C:\WINDOWS\system32\ssqollk.dll
    2007-04-13 14:09 26,694 --a------ C:\WINDOWS\system32\ljjgfcb.dll
    2007-04-13 13:59 26,694 --a------ C:\WINDOWS\system32\efcbaba.dll
    2007-04-13 13:49 26,694 --a------ C:\WINDOWS\system32\nnnmnkj.dll
    2007-04-13 13:39 26,694 --a------ C:\WINDOWS\system32\jkklmmk.dll
    2007-04-13 13:29 26,694 --a------ C:\WINDOWS\system32\tuvsrpn.dll
    2007-04-13 13:19 26,694 --a------ C:\WINDOWS\system32\tuvwwtr.dll
    2007-04-13 13:09 26,694 --a------ C:\WINDOWS\system32\yayabyw.dll
    2007-04-13 12:59 26,694 --a------ C:\WINDOWS\system32\byxuvsr.dll
    2007-04-13 12:49 26,694 --a------ C:\WINDOWS\system32\qomkiff.dll
    2007-04-13 12:39 26,694 --a------ C:\WINDOWS\system32\iifffed.dll
    2007-04-13 12:29 26,694 --a------ C:\WINDOWS\system32\gebcaxv.dll
    2007-04-13 12:19 26,694 --a------ C:\WINDOWS\system32\yaywwur.dll
    2007-04-13 12:09 26,694 --a------ C:\WINDOWS\system32\qomkife.dll
    2007-04-13 11:59 26,694 --a------ C:\WINDOWS\system32\rqrrspn.dll
    2007-04-13 11:49 26,694 --a------ C:\WINDOWS\system32\khfddee.dll
    2007-04-13 11:39 26,694 --a------ C:\WINDOWS\system32\iifgghe.dll
    2007-04-13 11:29 26,694 --a------ C:\WINDOWS\system32\awtsrsr.dll
    2007-04-13 11:19 26,694 --a------ C:\WINDOWS\system32\xxyayvt.dll
    2007-04-13 11:09 26,694 --a------ C:\WINDOWS\system32\efccbyx.dll
    2007-04-13 10:59 26,694 --a------ C:\WINDOWS\system32\qomkhfd.dll
    2007-04-13 10:49 26,694 --a------ C:\WINDOWS\system32\iifccay.dll
    2007-04-13 10:39 26,694 --a------ C:\WINDOWS\system32\mljiife.dll
    2007-04-13 10:29 26,694 --a------ C:\WINDOWS\system32\yayabxv.dll
    2007-04-13 10:19 26,694 --a------ C:\WINDOWS\system32\cbxxwuv.dll
    2007-04-13 10:09 26,694 --a------ C:\WINDOWS\system32\pmnkkhe.dll
    2007-04-13 09:59 26,694 --a------ C:\WINDOWS\system32\qomjgfc.dll
    2007-04-13 09:47 26,694 --a------ C:\WINDOWS\system32\ssqpqqr.dll
    2007-04-13 09:37 26,694 --a------ C:\WINDOWS\system32\khfcdby.dll
    2007-04-13 09:27 26,694 --a------ C:\WINDOWS\system32\mljiggg.dll
    2007-04-13 09:17 26,694 --a------ C:\WINDOWS\system32\mljgddd.dll
    2007-04-13 09:08 26,694 --a------ C:\WINDOWS\system32\qomjkkk.dll
    2007-04-13 00:26 800,503 ---hs---- C:\WINDOWS\system32\ppqss.bak1
    2007-04-13 00:22 26,694 --a------ C:\WINDOWS\system32\ssqrqqr.dll
    2007-04-13 00:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-04-12 01:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-04-11 23:45 <DIR> d-------- C:\Program Files\CCleaner
    2007-04-11 20:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
    2007-04-11 07:54 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Opera
    2007-04-11 01:30 26,694 --a------ C:\WINDOWS\system32\fccbxwv.dll
    2007-04-11 01:21 26,694 --a------ C:\WINDOWS\system32\fccbaxy.dll
    2007-04-11 00:54 26,694 --a------ C:\WINDOWS\system32\byxxuvw.dll
    2007-04-11 00:44 26,694 --a------ C:\WINDOWS\system32\khfccyv.dll
    2007-04-11 00:34 26,694 --a------ C:\WINDOWS\system32\nnnmmjk.dll
    2007-04-11 00:24 26,694 --a------ C:\WINDOWS\system32\xxyvwur.dll
    2007-04-11 00:09 26,694 --a------ C:\WINDOWS\system32\gebbyxw.dll
    2007-04-10 23:59 26,694 --a------ C:\WINDOWS\system32\cbxywvw.dll
    2007-04-10 23:49 26,694 --a------ C:\WINDOWS\system32\cbxxywt.dll
    2007-04-10 23:39 26,694 --a------ C:\WINDOWS\system32\ljjigfe.dll
    2007-04-10 23:32 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-04-10 23:31 <DIR> d--hs---- C:\WINDOWS\Q2hlcnlsIE1hc3NleQ
    2007-04-10 23:29 26,694 --a------ C:\WINDOWS\system32\awtqonm.dll
    2007-04-10 23:19 26,694 --a------ C:\WINDOWS\system32\tuvuvwu.dll
    2007-04-10 20:30 26,694 --a------ C:\WINDOWS\system32\xxyayya.dll
    2007-04-10 20:23 26,694 --a------ C:\WINDOWS\system32\gebayxy.dll
    2007-04-10 20:13 26,694 --a------ C:\WINDOWS\system32\awtsqqp.dll
    2007-04-10 20:04 26,694 --a------ C:\WINDOWS\system32\wvuvwxw.dll
    2007-04-10 19:20 26,694 --a------ C:\WINDOWS\system32\fccayyx.dll
    2007-04-10 19:05 26,694 --a------ C:\WINDOWS\system32\yayxvwv.dll
    2007-04-10 18:55 26,694 --a------ C:\WINDOWS\system32\cbxyaxx.dll
    2007-04-10 18:45 26,694 --a------ C:\WINDOWS\system32\qomlife.dll
    2007-04-10 08:55 26,694 --a------ C:\WINDOWS\system32\wvurron.dll
    2007-04-10 08:45 26,694 --a------ C:\WINDOWS\system32\byxwwvv.dll
    2007-04-10 08:35 26,694 --a------ C:\WINDOWS\system32\cbxwwwt.dll
    2007-04-10 08:25 26,694 --a------ C:\WINDOWS\system32\ssqoopo.dll
    2007-04-10 08:15 26,694 --a------ C:\WINDOWS\system32\tuvtspm.dll
    2007-04-10 08:00 26,694 --a------ C:\WINDOWS\system32\cbxxwvw.dll
    2007-04-10 07:50 26,694 --a------ C:\WINDOWS\system32\ddccaxx.dll
    2007-04-10 07:35 26,694 --a------ C:\WINDOWS\system32\vtusrqn.dll
    2007-04-10 03:46 26,694 --a------ C:\WINDOWS\system32\byxvvtt.dll
    2007-04-10 03:36 26,694 --a------ C:\WINDOWS\system32\opnonll.dll
    2007-04-10 03:21 26,694 --a------ C:\WINDOWS\system32\rqrppqp.dll
    2007-04-10 03:11 26,694 --a------ C:\WINDOWS\system32\efcyxxu.dll
    2007-04-10 02:56 26,694 --a------ C:\WINDOWS\system32\fccyaxw.dll
    2007-04-10 02:46 26,694 --a------ C:\WINDOWS\system32\cbxwtqr.dll
    2007-04-10 02:36 26,694 --a------ C:\WINDOWS\system32\ssqrqqp.dll
    2007-04-10 02:26 26,694 --a------ C:\WINDOWS\system32\ddcbbby.dll
    2007-04-10 02:06 26,694 --a------ C:\WINDOWS\system32\ssqnoml.dll
    2007-04-10 01:46 26,694 --a------ C:\WINDOWS\system32\pmnmkij.dll
    2007-04-10 01:36 26,694 --a------ C:\WINDOWS\system32\nnnnkjk.dll
    2007-04-10 01:21 26,694 --a------ C:\WINDOWS\system32\opnkjif.dll
    2007-04-10 01:11 26,694 --a------ C:\WINDOWS\system32\tuvtstt.dll
    2007-04-10 01:01 26,694 --a------ C:\WINDOWS\system32\cbxusrs.dll
    2007-04-10 00:51 26,694 --a------ C:\WINDOWS\system32\wvusqro.dll
    2007-04-10 00:31 26,694 --a------ C:\WINDOWS\system32\awtrqpo.dll
    2007-04-10 00:21 26,694 --a------ C:\WINDOWS\system32\khfgheb.dll
    2007-04-10 00:06 26,694 --a------ C:\WINDOWS\system32\khfefgf.dll
    2007-04-09 23:56 26,694 --a------ C:\WINDOWS\system32\yayvuvu.dll
    2007-04-09 23:46 26,694 --a------ C:\WINDOWS\system32\yayawur.dll
    2007-04-09 23:36 26,694 --a------ C:\WINDOWS\system32\qommnkk.dll
    2007-04-09 23:21 26,694 --a------ C:\WINDOWS\system32\wvusqpp.dll
    2007-04-09 23:11 26,694 --a------ C:\WINDOWS\system32\pmnlifc.dll
    2007-04-09 23:01 26,694 --a------ C:\WINDOWS\system32\ljjifdc.dll
    2007-04-09 22:51 26,694 --a------ C:\WINDOWS\system32\fccdbbx.dll
    2007-04-09 22:41 26,694 --a------ C:\WINDOWS\system32\opnkigh.dll
    2007-04-09 22:31 26,694 --a------ C:\WINDOWS\system32\urqqnol.dll
    2007-04-09 22:21 26,694 --a------ C:\WINDOWS\system32\tuvwuro.dll
    2007-04-09 22:11 26,694 --a------ C:\WINDOWS\system32\nnnnlih.dll
    2007-04-09 21:57 26,694 --a------ C:\WINDOWS\system32\ssqomji.dll
    2007-04-09 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
    2007-04-09 21:46 26,694 --a------ C:\WINDOWS\system32\byxwwvw.dll
    2007-04-09 21:32 26,694 --a------ C:\WINDOWS\system32\rqroolk.dll
    2007-04-09 21:27 801,556 ---hs---- C:\WINDOWS\system32\ppqss.ini2
    2007-04-09 21:13 26,694 --a------ C:\WINDOWS\system32\rqrsspq.dll
    2007-04-09 21:03 26,694 --a------ C:\WINDOWS\system32\tuvtuvt.dll
    2007-04-09 20:53 26,694 --a------ C:\WINDOWS\system32\nnnmkij.dll
    2007-04-09 20:43 26,694 --a------ C:\WINDOWS\system32\urqqool.dll
    2007-04-09 20:33 26,694 --a------ C:\WINDOWS\system32\xxyaywx.dll
    2007-04-09 20:23 26,694 --a------ C:\WINDOWS\system32\wvuttrp.dll
    2007-04-09 20:13 26,694 --a------ C:\WINDOWS\system32\opnlkig.dll
    2007-04-09 20:03 26,694 --a------ C:\WINDOWS\system32\urqpmji.dll
    2007-04-09 19:53 26,694 --a------ C:\WINDOWS\system32\opnljkj.dll
    2007-04-09 19:43 26,694 --a------ C:\WINDOWS\system32\vtuutus.dll
    2007-04-09 19:39 280,676 ---hs---- C:\WINDOWS\system32\sstqn.dll
    2007-04-09 19:34 26,694 --a------ C:\WINDOWS\system32\yayyawt.dll
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\qomnnnk.dll
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\qomnlll.dll
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\pmnkigd.dll
    2007-04-09 19:27 26,694 --a------ C:\WINDOWS\system32\awtqppo.dll
    2007-04-09 19:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-03-23 15:11 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-03-16 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-03-16 23:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-03-16 23:36 <DIR> d-------- C:\Program Files\Common Files\Kodak


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-14 21:25 -------- d-------- C:\Program Files\hijack this
    2007-04-14 18:32 -------- d-------- C:\Program Files\msn messenger
    2007-04-12 00:15 -------- d-------- C:\Program Files\ewido anti-malware
    2007-04-11 23:46 -------- d-------- C:\Program Files\yahoo!
    2007-04-09 23:31 -------- d-------- C:\Program Files\windows live safety center
    2007-03-17 07:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-16 23:37 -------- d-------- C:\Program Files\kodak
    2007-03-08 09:36 577536 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 09:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 09:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 07:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-03 18:48 -------- d-------- C:\Program Files\java
    2007-02-05 14:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Uniblue Registry Booster2"="C:\\Program Files\\Uniblue\\RegistryBooster2\\RegistryBooster.exe /S"
    "IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\nencjthj.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="\"C:\\WINDOWS\\System32\\msiexec.exe\" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Norton Antivirus Startup Entry.lnk]
    "path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Norton Antivirus Startup Entry.lnk"
    "backup"="C:\\WINDOWS\\pss\\Norton Antivirus Startup Entry.lnkStartup"
    "location"="Startup"
    "item"="Norton Antivirus Startup Entry"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="apitrap.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{970D022E-A884-4D2A-BB4A-EBC22D2FEBD2}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoAdminPage"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=hex:01,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ http://www.perfectphotos.ca/albums/I...ides_1_202.jpg

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    Source REG_SZ C:\wedding stuff\wedding_desktop.html

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnnnk

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\EasyShare Registration Task.job
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-14 21:40:02
    C:\ComboFix-quarantined-files.txt ... 07-04-14 21:40


  2. #22
    HereFishie, Junior Member
    last HiJackThis log...
    Logfile of HijackThis v1.99.1
    Scan saved at 9:52:50 PM, on 4/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5A00B303-4F83-4106-8233-EEB1E3E5FA43} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\nkhlkmia.dll (file missing)
    O2 - BHO: (no name) - {6809233B-E31B-4D69-8B1B-8E6A03A39702} - C:\WINDOWS\system32\awvtq.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {970D022E-A884-4D2A-BB4A-EBC22D2FEBD2} - C:\WINDOWS\system32\qomnnnk.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\nencjthj.dll",setvm
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/neta.../custappx3.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fishiemusings.spaces.msn.com/...d/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160458773095
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/...er/MotUtil.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents...r/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://atwnt333.external.hp.com/bus-...r/SysQuery.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: qomnnnk - C:\WINDOWS\SYSTEM32\qomnnnk.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe (file missing)
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



    ALSO... adding MFC71.dll to system32 fixed the last error for logitray.exe but now since running Vundo I have this error on reboot

    RUNDLL
    error loading C:\WINDOWS\system32\necjthj.dll
    This specified module could not be found.

  3. #23
    VopThis is offline Senior Member (Canada)
    Let us review what is loaded on your PC:
    • Run HijackThis and click the ‘Open the Misc Tools section’ button.
    • Then click the ‘Open Uninstall Manager…’ button.
    • Click the ‘Save list…’ button. Save uninstall_list to your desktop.
    • Open the Uninstall list file and post it in your next reply, please.

  4. #24
    HereFishie is offline Junior Member
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop Album Starter Edition
    Adobe Reader 8
    ArcSoft PhotoImpression
    Ares 2.0.8
    AVG 7.5
    AVG Anti-Spyware 7.5
    Boulevard 2005
    CardRd81
    CCleaner (remove only)
    CCScore
    Coloreal
    CompuServe
    CR2
    Detto IntelliMover Demo
    easy Internet sign-up
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Printer Software
    EPSON Smart Panel
    EPSON TWAIN 5
    EPSON User's Guide
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    Google Earth
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Inactive HP Printer Drivers (Remove only)
    IncrediMail Xe
    Indeo® Software
    Intel(R) 82845G Graphics Driver Software
    InterVideo WinDVD 4
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java 2 Runtime Environment, SE v1.4.0_01
    Java Web Start
    kgcbase
    Kodak EasyShare software
    KSU
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam Software
    Logitech® Camera Driver
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Picture It! 2000
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Microsoft Works 7.0
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MultiTranse 3.2.1
    MyDVD
    netbrdg
    NetMeeting 3.01
    Netscape (7.0)
    Nic's XviD Decoder
    Notifier
    NVIDIA Windows 2000/XP Display Drivers
    Ofoto Easy Upload ActiveX Control
    OfotoXMI
    Opera 9.0
    Opera 9.02
    PC-Doctor for Windows
    PS2
    Quicken 2003 New User Edition
    QuickTime
    RealPlayer
    RecordNow
    RecordNow Update Manager
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    ScanToWeb
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SFR
    SFR2
    SHASTA
    ShowBiz
    SKIN0001
    SKINXSDK
    Spybot - Search & Destroy 1.4
    staticcr
    Temperature Converter
    tooltips
    Tweak UI
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    VPRINTOL
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WIRELESS
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar



    Anything you can think of other than.....
    Ares
    Incredimail
    Boulevard
    yahoo messenger
    windows live messenger
    to uninstall I'm game...

    Several programs came with the computer and I never bothered to remove them.
    I don't have Norton anymore... but it only removed some of it when I uninstalled...

  5. #25
    VopThis is offline Senior Member (Canada)
    Delete FILES:

    C:\WINDOWS\system32\sstqn.dll
    *.TMP
    (exact text search to include some of the following clutter and potential infection files)
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Guest\Application Data\Microsoft\Word\~WRL0786.tmp
    C:\Documents and Settings\Guest\Application Data\Microsoft\Word\~WRL2283.tmp
    C:\Documents and Settings\Guest\My Documents\~WRL2684.tmp
    C:\WINDOWS\system32\ppqss.tmp
    C:\WINDOWS\system32\ukxcphev.tmp


    Download and run the Norton Removal Tool:

    http://service1.symantec.com/SUPPORT...05033108162039



    Suggest you reboot before doing the next steps:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Java 2 Runtime Environment, SE v1.4.0_01
    Your system has some outdated versions of Sun Java that could create ongoing serious security exposure issues for your PC.

    Update your Java.

    Older Java versions have vulnerabilities that malware can use, and is using, to infect systems.

    Please follow these steps to remove older version Java components.
    • Close any programs you may have running, ESPECIALLY your web browser
    • Click Start > Control Panel.
    • Click Add/Remove Programs.
    • Check any item with Java Runtime Environment (JRE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove all versions of Java.
    • Reboot your computer once all Java components are removed.

    Download the latest version of Java Runtime Environment (JRE) 5.0 Update 11 or higher, and install it to your computer.


    New Version should show as (HijackThis log):

    C:\Program Files\Java\jre1.5.0_11\… or higher




    There will still be a few more cleanup steps to complete (tomorrow once I have had a chance to process your latest logs).

  6. #26
    HereFishie is offline Junior Member
    Quote: Originally posted by VopThis
    Delete FILES:

    C:\WINDOWS\system32\sstqn.dll
    *.TMP
    (exact text search to include some of the following clutter and potential infection files)
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Guest\Application Data\Microsoft\Word\~WRL0786.tmp
    C:\Documents and Settings\Guest\Application Data\Microsoft\Word\~WRL2283.tmp
    C:\Documents and Settings\Guest\My Documents\~WRL2684.tmp
    C:\WINDOWS\system32\ppqss.tmp
    C:\WINDOWS\system32\ukxcphev.tmp


    I'm sorry, it's late and I'm tired so don't hurt me, but I don't really follow your instructions on this... you want me to delete what exactly?
    ALL of the listed files when I type *.TMP or just the ones you've listed here?


    ok wait.. I figured it out... no need to reply
    Last edited by HereFishie; 15-04-2007 at 06:08 AM.

  7. #27
    HereFishie is offline Junior Member
    latest HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:39:53 AM, on 4/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\nencjthj.dll",setvm
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/neta.../custappx3.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fishiemusings.spaces.msn.com/...d/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160458773095
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/...er/MotUtil.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents...r/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://atwnt333.external.hp.com/bus-...r/SysQuery.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe (file missing)
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

  8. #28
    VopThis is offline Senior Member (Canada)
    Delete FOLDER:

    C:\Program Files\Ipwindows
    (End running process ipwins.exe in TASK Manager, if necessary - Ctrl+Alt+Delete)



    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [PRINTDRIVE] rundll32.exe "C:\WINDOWS\system32\nencjthj.dll",setvm
    O4 - HKCU\..\Run: [IPWINS] C:\Program Files\Ipwindows\ipwins.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
    Last edited by VopThis; 15-04-2007 at 02:23 PM.
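
    The check behind "post a revised HijackThis log" in post #28, as an added example that is not part of the thread: it compares the autostart entries of two HijackThis logs and confirms that the checked items are gone. The function names are hypothetical, and the sample logs are short excerpts trimmed from the logs posted on this page. Run value names are matched case-insensitively, because the checked items are written as [PRINTDRIVE] and [IPWINS] while the log shows [PrintDrive] and [IpWins].

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Body of an O4 registry autostart: hive\..\key: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
# DLL handed to rundll32, quoted or not, up to the comma before the export name.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,', re.IGNORECASE)

# Excerpt of the 12:39:53 AM log (trimmed for the example).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\nencjthj.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Excerpt of the 1:16:35 PM log, taken after the fix (trimmed the same way).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# The two items post #28 asks to check, as written there.
CHECKED_ITEMS = r"""
O4 - HKLM\..\Run: [PRINTDRIVE] rundll32.exe "C:\WINDOWS\system32\nencjthj.dll",setvm
O4 - HKCU\..\Run: [IPWINS] C:\Program Files\Ipwindows\ipwins.exe
"""


def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, body):
    """Identity of an entry. Registry autostarts are keyed on hive, key and value name
    (case-insensitive, like the registry); every other entry on its lower-cased text."""
    m = RUN_RE.match(body) if section == "O4" else None
    if m:
        hive, key, name, _command = m.groups()
        return (section, hive.upper(), key.lower(), name.lower())
    return (section, body.lower())


def removed_entries(before_text, after_text):
    """Entries present in the earlier log and absent from the later one, in log order."""
    after_keys = {entry_key(s, b) for s, b in parse_entries(after_text)}
    return [(s, b) for s, b in parse_entries(before_text)
            if entry_key(s, b) not in after_keys]


def still_present(checked_text, log_text):
    """Checked items that a log still contains; an empty list means the fix held."""
    log_keys = {entry_key(s, b) for s, b in parse_entries(log_text)}
    return [(s, b) for s, b in parse_entries(checked_text)
            if entry_key(s, b) in log_keys]


def rundll32_targets(log_text):
    """(value name, DLL) for each O4 autostart that loads a DLL through rundll32."""
    targets = []
    for section, body in parse_entries(log_text):
        m = RUN_RE.match(body) if section == "O4" else None
        if not m:
            continue
        hit = RUNDLL_RE.search(m.group(4))
        if hit:
            targets.append((m.group(3), hit.group(1)))
    return targets


if __name__ == "__main__":
    for section, body in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("removed:", section, "-", body)
    print("checked items still present:", still_present(CHECKED_ITEMS, AFTER_LOG))
    print("rundll32 autostarts left:", rundll32_targets(AFTER_LOG))
```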

  9. #29
    HereFishie is offline Junior Member
    latest HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 1:16:35 PM, on 4/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/neta.../custappx3.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fishiemusings.spaces.msn.com/...d/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160458773095
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/...er/MotUtil.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents...r/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://atwnt333.external.hp.com/bus-...r/SysQuery.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe (file missing)
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    I had this error a couple times last night when I was doing the scans but it seems to have resolved itself because it hasn't come back since.

    RUNDLL
    nview.dll
    A dynamic link library (DLL) initialization routine failed.


    I have 2 programs that run on reboot that really slow things down. How do I remove them from running in my system tray every time?

  10. #30
    VopThis is offline Senior Member (Canada)
    I have 2 programs that run on reboot that really slow things down. How do I remove them from running in my system tray every time?
    Please name the programs involved.



    Locate and delete the following FOLDER, if still present:

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007





    I will also be providing a list of file clutter left behind by the Vundo infection that needs to be removed (per ComboFix - mostly files of size 26,694). Look for that post shortly.
